In the dynamic realm of cybersecurity, staying updated on the latest vulnerabilities is imperative.
This edition of AppSecWorld's CVE Daily Digest provides a snapshot of the vulnerabilities published in the National Vulnerability Database between January 18-19, 2024.
During this period, the National Vulnerability Database published 96 new Common Vulnerabilities and Exposures (CVEs), classified as follows:
Critical: 5
High: 17
Medium: 27
Low: 4
Severity Not Assigned: 43
Identifying and understanding these vulnerabilities are pivotal steps towards enhancing security measures and creating a safer digital environment.
Now, let's delve deeper into AppSecWorld's CVE Daily Digest, spotlighting the Critical and High Severity vulnerabilities that demand immediate attention.
1. CVE-2024-22416
Base Score: 9.6
Base Severity: CRITICAL
Exploitability Score: 2.8
Impact Score: 6.0
Description: pyLoad is a free and open-source Download Manager written in pure Python. The `pyload` API allows any API call to be made using GET requests. Since the session cookie is not set to `SameSite: strict`, this opens the library up to severe attack possibilities via a Cross-Site Request Forgery (CSRF) attack. As a result any API call can be made via a CSRF attack by an unauthenticated user. This issue has been addressed in release `0.5.0b3.dev78`. All users are advised to upgrade.
References: https://github.com/pyload/pyload/commit/1374c824271cb7e927740664d06d2e577624ca3e
https://github.com/pyload/pyload/commit/c7cdc18ad9134a75222974b39e8b427c4af845fc
https://github.com/pyload/pyload/security/advisories/GHSA-pgpj-v85q-h5fm
CWE-ID: CWE-352
Common Platform Enumerations (CPE): Not Found
2. CVE-2023-6816
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading to a heap overflow if a bigger value was used.
References: http://www.openwall.com/lists/oss-security/2024/01/18/1
https://access.redhat.com/security/cve/CVE-2023-6816
https://bugzilla.redhat.com/show_bug.cgi?id=2257691
CWE-ID: CWE-119
Common Platform Enumerations (CPE): Not Found
3. CVE-2023-5806
Base Score: 9.8
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.9
Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mergen Software Quality Management System allows SQL Injection. This issue affects Quality Management System: before v1.2.
References: https://www.usom.gov.tr/bildirim/tr-24-0040
CWE-ID: CWE-89
Common Platform Enumerations (CPE): Not Found
4. CVE-2024-22317
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 3.9
Impact Score: 5.2
Description: IBM App Connect Enterprise 11.0.0.1 through 11.0.0.24 and 12.0.1.0 through 12.0.11.0 could allow a remote attacker to obtain sensitive information or cause a denial of service due to improper restriction of excessive authentication attempts. IBM X-Force ID: 279143.
References: https://exchange.xforce.ibmcloud.com/vulnerabilities/279143
https://www.ibm.com/support/pages/node/7108661
CWE-ID: CWE-307
Common Platform Enumerations (CPE): Not Found
5. CVE-2023-40051
Base Score: 9.1
Base Severity: CRITICAL
Exploitability Score: 3.1
Impact Score: 5.3
Description: This issue affects Progress Application Server (PAS) for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0. An attacker can formulate a request for a WEB transport that allows unintended file uploads to a server directory path on the system running PASOE. If the upload contains a payload that can further exploit the server or its network, the launch of a larger scale attack may be possible.
References: https://community.progress.com/s/article/Important-Progress-OpenEdge-Critical-Alert-for-Progress-Application-Server-in-OpenEdge-PASOE-Arbitrary-File-Upload-Vulnerability-in-WEB-Transport
https://www.progress.com/openedge
CWE-ID: CWE-434
Common Platform Enumerations (CPE): Not Found
6. CVE-2023-40052
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: This issue affects Progress Application Server (PAS) for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0. An attacker who can produce a malformed web request may cause the crash of a PASOE agent potentially disrupting the thread activities of many web application clients. Multiple of these DoS attacks could lead to the flooding of invalid requests as compared to the server’s remaining ability to process valid requests.
References: https://community.progress.com/s/article/Important-Progress-OpenEdge-Product-Alert-for-Progress-Application-Server-for-OpenEdge-PASOE-Denial-of-Service-Vulnerability-in-WEB-Transport
https://www.progress.com/openedge
CWE-ID: CWE-119
Common Platform Enumerations (CPE): Not Found
7. CVE-2024-0607
Base Score: 7.8
Base Severity: HIGH
Exploitability Score: 1.8
Impact Score: 5.9
Description: A flaw was found in the Netfilter subsystem in the Linux kernel. The issue is in the nft_byteorder_eval() function, where the code iterates through a loop and writes to the `dst` array. On each iteration, 8 bytes are written, but `dst` is an array of u32, so each element only has space for 4 bytes. That means every iteration overwrites part of the previous element, possibly leading to an out-of-bounds write. This flaw allows a local user to cause a denial of service or potentially escalate their privileges on the system.
References: https://access.redhat.com/security/cve/CVE-2024-0607
https://bugzilla.redhat.com/show_bug.cgi?id=2258635
CWE-ID: CWE-787
Common Platform Enumerations (CPE): Not Found
8. CVE-2023-34348
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.6
Description: AVEVA PI Server versions 2023 and 2018 SP3 P05 and prior contain a vulnerability that could allow an unauthenticated user to remotely crash the PI Message Subsystem of a PI Server, resulting in a denial-of-service condition.
References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-018-01
CWE-ID: CWE-703
Common Platform Enumerations (CPE): Not Found
9. CVE-2024-22212
Base Score: 9.6
Base Severity: CRITICAL
Exploitability Score: 2.8
Impact Score: 6.0
Description: Nextcloud Global Site Selector is a tool which allows you to run multiple small Nextcloud instances and redirect users to the right server. A problem in the password verification method allows an attacker to authenticate as another user. It is recommended that the Nextcloud Global Site Selector is upgraded to version 1.4.1, 2.1.2, 2.3.4 or 2.4.5. There are no known workarounds for this issue.
References: https://github.com/nextcloud/globalsiteselector/commit/ab5da57190d5bbc79079ce4109b6bcccccd893ee
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vj5q-f63m-wp77
https://hackerone.com/reports/2248689
CWE-ID: CWE-306
Common Platform Enumerations (CPE): Not Found
10. CVE-2024-22419
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. The `concat` built-in can write over the bounds of the memory buffer that was allocated for it and thus overwrite existing valid data. The root cause is that the `build_IR` for `concat` doesn't properly adhere to the API of copy functions (for `>=0.3.2` the `copy_bytes` function). A contract search was performed and no vulnerable contracts were found in production. The buffer overflow can result in the change of semantics of the contract. The overflow is length-dependent and thus it might go unnoticed during contract testing. However, certainly not all usages of concat will result in overwritten valid data as we require it to be in an internal function and close to the return statement where other memory allocations don't occur. This issue has been addressed in commit `55e18f6d1` which will be included in future releases. Users are advised to update when possible.
References: https://github.com/vyperlang/vyper/commit/55e18f6d128b2da8986adbbcccf1cd59a4b9ad6f
https://github.com/vyperlang/vyper/issues/3737
https://github.com/vyperlang/vyper/security/advisories/GHSA-2q8v-3gqq-4f8p
CWE-ID: CWE-120
Common Platform Enumerations (CPE): Not Found
11. CVE-2024-22415
Base Score: 7.3
Base Severity: HIGH
Exploitability Score: 3.9
Impact Score: 3.4
Description: jupyter-lsp is a coding assistance tool for JupyterLab (code navigation + hover suggestions + linters + autocompletion + rename) using Language Server Protocol. Installations of jupyter-lsp running in environments without configured file system access control (on the operating system level), and with jupyter-server instances exposed to non-trusted network are vulnerable to unauthorised access and modification of file system beyond the jupyter root directory. This issue has been patched in version 2.2.2 and all users are advised to upgrade. Users unable to upgrade should uninstall jupyter-lsp.
References: https://github.com/jupyter-lsp/jupyterlab-lsp/commit/4ad12f204ad0b85580fc32137c647baaff044e95
https://github.com/jupyter-lsp/jupyterlab-lsp/security/advisories/GHSA-4qhp-652w-c22x
CWE-ID: CWE-23 CWE-284 CWE-306
Common Platform Enumerations (CPE): Not Found
12. CVE-2023-43815
Base Score: 7.1
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 3.7
Description: A buffer overflow vulnerability exists in Delta Electronics Delta Industrial Automation DOPSoft version 2 when parsing the wScreenDESCTextLen field of a DPS file. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve code execution.
References: https://blog.exodusintel.com/2024/01/18/delta-electronics-delta-industrial-automation-dopsoft-dps-file-wscreendesctextlen-buffer-overflow-remote-code-execution/
CWE-ID: CWE-119
Common Platform Enumerations (CPE): Not Found
13. CVE-2023-43817
Base Score: 7.5
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 5.9
Description: A buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft version 2 when parsing the wMailContentLen field of a DPS file. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve code execution.
References: https://blog.exodusintel.com/2024/01/18/delta-electronics-delta-industrial-automation-dopsoft-dps-file-wmailcontentlen-buffer-overflow-remote-code-execution/
CWE-ID: CWE-119
Common Platform Enumerations (CPE): Not Found
14. CVE-2023-43818
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code execution.
References: https://blog.exodusintel.com/2024/01/18/delta-electronics-delta-industrial-automation-dopsoft-dps-file-wtextlen-buffer-overflow-remote-code-execution/
CWE-ID: CWE-119
Common Platform Enumerations (CPE): Not Found
15. CVE-2023-43819
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A stack based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the InitialMacroLen field of a DPS file. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code execution.
References: https://blog.exodusintel.com/2024/01/18/delta-electronics-delta-industrial-automation-dopsoft-dps-file-initialmacrolen-buffer-overflow-remote-code-execution/
CWE-ID: CWE-119
Common Platform Enumerations (CPE): Not Found
16. CVE-2023-43820
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A stack based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the wLogTitlesPrevValueLen field of a DPS file. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code execution.
References: https://blog.exodusintel.com/2024/01/18/delta-electronics-delta-industrial-automation-dopsoft-dps-file-wlogtitlesprevvaluelen-buffer-overflow-remote-code-execution/
CWE-ID: CWE-119
Common Platform Enumerations (CPE): Not Found
17. CVE-2023-43821
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A stack based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the wLogTitlesActionLen field of a DPS file. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code execution.
References: https://blog.exodusintel.com/2024/01/18/delta-electronics-delta-industrial-automation-dopsoft-dps-file-wlogtitlesactionlen-buffer-overflow-remote-code-execution/
CWE-ID: CWE-119
Common Platform Enumerations (CPE): Not Found
18. CVE-2023-43822
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A stack based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the wLogTitlesTimeLen field of a DPS file. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code execution.
References: https://blog.exodusintel.com/2024/01/18/delta-electronics-delta-industrial-automation-dopsoft-dps-file-wlogtitlestimelen-buffer-overflow-remote-code-execution/
CWE-ID: CWE-119
Common Platform Enumerations (CPE): Not Found
19. CVE-2023-43823
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A stack based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the wTTitleLen field of a DPS file. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code execution.
References: https://blog.exodusintel.com/2024/01/18/delta-electronics-delta-industrial-automation-dopsoft-dps-file-wttitlelen-buffer-overflow-remote-code-execution/
CWE-ID: CWE-119
Common Platform Enumerations (CPE): Not Found
20. CVE-2023-43824
Base Score: 8.8
Base Severity: HIGH
Exploitability Score: 2.8
Impact Score: 5.9
Description: A stack based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the wTitleTextLen field of a DPS file. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code execution.
References: https://blog.exodusintel.com/2024/01/18/delta-electronics-delta-industrial-automation-dopsoft-dps-file-wtitletextlen-buffer-overflow-remote-code-execution/
CWE-ID: CWE-119
Common Platform Enumerations (CPE): Not Found
21. CVE-2023-5130
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 6.0
Description: A buffer overflow vulnerability exists in Delta Electronics WPLSoft. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DVP file to achieve code execution.
References: https://blog.exodusintel.com/2024/01/18/delta-electronics-wplsoft-buffer-overflow/
CWE-ID: CWE-119
Common Platform Enumerations (CPE): Not Found
22. CVE-2023-5131
Base Score: 8.2
Base Severity: HIGH
Exploitability Score: 1.6
Impact Score: 6.0
Description: A heap buffer-overflow exists in Delta Electronics ISPSoft. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DVP file to achieve code execution.
References: https://blog.exodusintel.com/2024/01/18/delta-electronics-ispsoft-heap-buffer-overflow/
CWE-ID: CWE-119
Common Platform Enumerations (CPE): Not Found